* YUM4/DNF compatibility via yum action plugin
DNF does not natively support allow_downgrade as an option, instead
that is always the default (not configurable by the administrator)
so it had to be implemented
- Fixed group actions in check mode to report correct changed state
- Better error handling for depsolve and transaction errors in DNF
- Fixed group action idempotent transactions
- Add use_backend to yum module/action plugin
- Fix dnf handling of autoremove (didn't used to work nor had a
default value specified, now does work and matches default
behavior of yum)
- Enable installroot tests for yum4(dnf) integration testing, dnf
backend now supports that
- Switch from zip to bc for certain package install/remove test
cases in yum integration tests. The dnf depsolver downgrades
python when you uninstall zip which alters the test environment
and we have no control over that.
- Add changelog fragment
- Return a pkg_mgr fact if it was not previously set.
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
supported by crypt.
* Additional checks ensure that there is always a result.
This works around issues in the crypt.crypt python function that returns
None for algorithms it does not know.
Some modules (like user module) interprets None as no password at all,
which is misleading.
* The password_hash filter supports all parameters of passlib.
This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
in connection with passlib.
bcrypt requires a salt with length 22, which fixes#25347
* Salts are only generated by ansible when using crypt.crypt.
Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
always uses the default values used by crypt, i.e. 5000 rounds.
Before when installed passlibs' defaults were used.
passlib changes its defaults with newer library versions, leading to non
idempotent behavior.
NOTE: This will lead to the recalculation of existing hashes generated
with passlib and without a rounds parameter.
Yet henceforth the hashes will remain the same.
No matter the installed passlib version.
Making these hashes idempotent.
Fixes#15326Fixes#17266Fixes#25347 except bcrypt still uses 2a, instead of the suggested 2b.
* random_salt is solely handled by encrypt.py.
There is no _random_salt function there anymore.
Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.
* Moves tests that require passlib into their own test-function.
* Uses the six library to reraise the exception.
* Fixes integration test.
When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
* including test case using environment variables as per issue #44163
* including missing environment variable in shared documentation fragement, related to issue #44163
* fixes parameters via environment variables, issue #44163
The AWS API and console docs are inconsistent about whether EC2 instances have IAM profiles or roles. Things which follow the API tend to use profile but the console uses “IAM Role”. This adds that term to the help text so it's searchable.
+label: docsite_pr
* Switch to LiteralPath instead of Path. Closes#44508
* add changelog fragment
* fix line endings and remove final empty line
* Minor text changes in changelog
* Override description for account_key_src and account_key_content to also mention private_key_*.
* Convert generic OpenSSL/cryptography remark from description to note.
This avoids the whole description list to be sorted alphabetically, which will be done by plugin_docs.py in case description is mentioned in both module fragment and module itself.
* Moving more notes to the notes: section.
* Uniformization of first paragraph. Mainly mention ACME supporting CAs, and only then mention Let's Encrypt as one of them.
* Adjusting to current drafts.
* Adjusting to updated drafts.
* Harmonizing short module descriptions.
* Referencing helper modules.
* Move general Let's Encrypt remark to doc fragment.
* Changing some Let's Encrypt references to more generic statements.
This fix allows user to specify idle timeout for fetch_url used
internally in IPA connection and post_json call.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Added nios_txt_record module
Whitespace cleanup and version fix
First stab at txt record integration test
Fix for CI version requirement
Added nios_txt_record module
Whitespace cleanup and version fix
First stab at txt record integration test
Fix for CI version requirement
force re-run
* added alias for cloud group1
This PR includes:
- Removal of maintainers that are listed as author in the module
- Removal of entries that do not extend the original author list
- Move ignored-statement to namespace/directory (where useful)
- In some cases, fix the authors-list or add missing github id
We end up with a list of exceptions/additions and a large set of
namespace/directory maintainers or team of maintainers.
Some entries could be further improved by discussing with some
maintainers.
* Fix ansible-doc wrt removed modules
* Fix listing of modules ia ansible-doc to not complain about removed modules
Removed modules are marked as such in the metadata but nowhere else.
Need to retrieve the metadata when a module doesn't have a doc so that
we can tell if it falls under this case.
* omit removed modules from json dump
* Print an error that the module has been removed if attempting to run
ansible-doc on that specific module
* Get plugin_formatter to stop outputting removed modules
* Removed modules no longer have documentation
Decided this was causing people to think that modules were supported
even after being removed. This change is a new strategy to have the
error message trying to use a removed module point people to the older
documentation.
* Add stubs for modules removed in 2.7
These are freshly removed so we want people who are still using them
when they upgrade Ansible to have a hint as to where to find information
on how to port.
* Finish properly undeprecating include
include was undeprecated earlier but not all of the pieces that marked
it as deprecated were reverted. This change fixes the remaining
pieces
The AnsiballZ optimization which only uses one pyton interpreter
currently monkeypatches the arguments into a global argument in module_utils
so we need to always include basic.py. In the future we should fix this
so that it monkeypatches its own file. That way we won't need to always
include basic.py
* elb_application_lb: fix dangerous default of deleting an ELB if state is omitted by changing state to default to present to be more like other AWS modules
* expend checksum format to <algorithm>:(<checksum>|<url>)
* continue to code at office
* ALPHA - expend checksum format to <algorithm>:(<checksum>|<url>)
* clean up tmpfile and comment
* try to add test code for 27617
* try to add test code for 27617
* try to add test code for 27617
* try to fix [Could not find or access 'testserver.py']
* fix test code [Could not find or access 'testserver.py']
* fix test code [add files dir]
* fix test code [files dir not exists]
* as [connection was closed before a valid response was received]
* [connection was closed before a valid response was received]
* [connection was closed before a valid response was received]
* add test item [sha1 and sha256]
* since [connection was closed before a valid response was received]
* fix [connection was closed before a valid response was received]
* fix test code typo
* add docs for #27617
* PR #43751 is minor change
* fix pep8 issue.
* fix test code style.
* fix unexpected quote
* Resolve issues in NetApp E-Series Host module
The E-Series host module had some bugs relating to the update/creation
of host definitions when iSCSI initiators when included in the
configuration. This patch resolves this and other minor issues with
correctly detecting updates.
There were also several minor issues found that were causing issues with
truly idepotent updates/changes to the host definition.
This patch also provides some unit tests and integration tests to help
catch future issues in these areas.
fixes#28272
* Improve NetApp E-Series Host module testing
The NetApp E-Series Host module integration test lacked feature test
verification to verify the changes made to the storage array.
The NetApp E-Series rest api was used to verify host create, update, and
remove changes made to the NetApp E-Series storage arrays.
When removing an instance via its ID, it is not clearly explained that one should use the `name` parameter.
Also a simple example is provided.
+label: docsite_pr
This PR includes:
- Use uppercase in descriptions
- Add trailing dot to descriptions
- Grammar/spelling fixes
- Adding names to examples as a best practice
- Simplify structure
* issue:43021 add support for onyx version 3.6.6000
Signed-off-by: Samer Deeb <samerd@mellanox.com>
* issue:43021 add support for onyx version 3.6.6000
Signed-off-by: Samer Deeb <samerd@mellanox.com>
* Update docs
* Add reboot action plugin
Refactor win_reboot so it is subclassed from reboot
* Use new connection methods
* Test fixes
* Use better uptime command for Linux
Use who -b to get the last time the system was booted rather than uptime, which changes every second.
* Use distribution specefic commands and flags
Query the managed node to determien its distribution, then set the appropriate command and flags.
* Tune debug messages a bit
* Update module docs with details about pre_reboot_delay
s docs
* Ensure that post_reboot_delay is a positive number
* Remove the stringification
* Add integration tests
* Make sure aliases are honored
* Handle systems that have an incorrect last boot time
SystemD and fakehw-clock do not properly set the
last boot time and instead always set it to epoch.
Use a different command if that is the case.
* Copyright and encoding fixes
* Minor fixes based on feedback
* Add exponential backoff to sucess check method
* Update integration test
Skip the integration test if it would try to reboot the control node. We need a new mechanism to account for this scenario in ansible-test, so tests must currently be run manually for this plugin.
* Update integration test
Skip the integration test if it would try to reboot the control node. We need a new mechanism to account for this scenario in ansible-test, so tests must currently be run manually for this plugin.
* Fail early with running with local connection
* Update docs based on feedback
* minor refactoring, state mgmt changes
The 'free' strategy still attempts to do all hosts per task before going to the next, it just doesn't wait for slow hosts,
This strategy processes each host as fast as possible to the end of the play before trying to process another host in the pool.
* Add (preview) diff mode support ec2_group
* Add diff mode to some ec2_group integration tests
* Remove unnecessary arguments and add comment to the module notes
* Add changelog
Since the ACI modules (like most network-related modules) run on the
local controller, this PR adds the necessary details so users are aware
of this particular feature.
When creating a new account, check to see if the expiration parameter is negative and pass in the appropriate parameter. Since the negative integer passed into expires is converted to time.struct_time which in turn gets converted to a formatted time string when passed to the underlying command, a -1 or large negative number would result in passing a date before 1970-01-01 to the underlying command.
This had the opposite effect of creating an account with no expiration account resulting in a newly created account that was already expired, or just throwing an error on certain systems.
* gather_subset is a list of strings
When gather_subset is an integer, a message pointing out the problem, current tb error
is replaced by this one:
ERROR! the field 'gather_subset' should be a list of (<class 'str'>,), but the item '42' is a <class 'int'>
...
* gathering_facts test: ensure smart gathering is on
* Currently network_cli support multiple prompts
single answer as response. This PR adds support
for multiple answers.
* In case of multiple prompts and mulitple answers the
index of a particular prompt in the prompts list should
match with the index in the answer list.
In python 3.7.0, changes in `ssl.py` breaks `smtplib.SMTP_SSL`, which
then breaks `mail` module in ansible.
Run this line in python shell:
import smtplib;smtplib.SMTP_SSL().connect(host='smtp.gmail.com', port=465)
Before python 3.7.0, we will get:
(220, b'smtp.gmail.com ESMTP j13-v6sm3086685pgq.56 - gsmtp')
In python 3.7.0, we get such error at `lib/python3.7/ssl.py` line 843, method `_create`:
ValueError: server_hostname cannot be an empty string or start with a leading dot.
The ssl module is using host info on SMTP_SSL instance, which is not set.
The fix/workaround is simple, just pass host info to it:
import smtplib;smtplib.SMTP_SSL(host='smtp.gmail.com').connect(host='smtp.gmail.com', port=465)
Fixes: #44550
Signed-off-by: Guo Qiao <guoqiao@gmail.com>
This prevents the accidental creation of TXT records where every
single word gets split into its own string, such as TXT record values
in the format of `"foo" "bar" "baz"`. That being an implicit behavior
I have very hard to see anyone purposely relying on.
TXT record values can still explicitly be defined as one or more
strings, without any change in syntax.
Resolves#43380
* adding next network pluggin
* include exclude option for next_ip search
* changing example provider input
* adding new line at end
* version added info
* to fix shippable errors
* to fix shippable errors
* adding exclude option in doc section
* fix review comment
* fix review comment
* Correct the default doc for attached in ec2_eni
Also corrected a typo in the summary
* Address ansible-test sanity error about E324
* Fix and remove the E325 suppression for ec2_eni
Extends `module_defaults` by adding a prefix to defaults `group/` which denotes a builtin list of modules. Initial groups are: `group/aws`, `group/azure`, and `group/gcp`
* add route module
* add test
* add table
* add route table
* fix dict
* fix
* fix
* route table accept no name
* add default
* fix
* fix
* fix
* fix pep
* support route table
* fix line ending
* fix pep
* fix
* fix
* set the default to 'None'
* make return value only id
* camel and snake
* set test alias
* change facts line ending
* change test
* fix
* add default
* fix
* fix line break
* remove unsafe args
* fix comment
* fix
* adding postgresql server facts
* updating postgresql server facts, minor changes
* changed return dict to list
* fixed test
* fixed several issues
* several updates
* fixed naming
* list -> complex
* try again
* fixed mistake
* added user_visible_state to the result
* added fully_qualified_domain_name
* fixed second test
* updates
* fixed test
* updated samples in return value
* wait for postgresql server to be actually ready
* another approach for test
* second server was not created
* fixing pr comments
* fix sanity
* removed forgotten ansible_facts
* added account_alias in the response of module aws_caller_facts
* added comment to explain list_account_aliases
* renamed caller_identity to caller_facts as the content is extended
* created changelog
* security-policy needs the iam:ListAccountAliases for this module to work
* test now checks for the added field account_alias
* gracefully handle missing iam:ListAccountAliases permission
* Added helper module for generating ACME challenge certificates.
* Soft-fail on missing cryptography. Also check version.
* Adding integration test.
* Move acme_challenge_cert_helper from web_infrastructure to crypto/acme.
* Adjusting to draft-05.
* The cryptography branch has already been merged.
Wow, this does not seem to be an uncommon misspelling. Might be there
are some left that span over two lines. I noticed the one in the git
module and then used `grep -rw 'the the'` to find some more.
Many OpenStack modules provide the ability to register a resource in a
project other than the one being used to authenticate with, by adding a
project parameter to the module. Examples include os_network, os_subnet,
and os_router. This change adds a project parameter to the
os_security_group module.
Fixes: #34467Fixes: #30292
This allows to parse the output when the user's locale changes the
commands' output. For example chkconfig uses 'Ein' and 'Aus' instead of
'on' and 'off' when using LANG=de_DE.UTF-8 breaking the service
detection on RHEL 6.
* Docker: Convert units for kernel_memory
Other memory arguments already use human_to_bytes to convert the
units. This change makes the behavior more consistent.
* Update Docker unit parsing documentation
This explains the units more precisely and makes the documentation
more consistent.
This fixes#16526.
when using only an activation key without any channels.
As already suggested by mattclay in
https://github.com/ansible/ansible/pull/25079
and also patch unit test for rhn_register and
add test case for activationkey only
Add _flushed_hosts dict to store when handlers are flushed and prevent them
to be executed too early using _filter_notified_hosts.
Add _wait_on_handler_results to wait only for handlers to be completed.
Remove only hosts that have been flushed from handler notified list.
Fix#31504, #23970
Fixes#43653
- Change descrtiption parameter default to null.
When reading an empty description from AD, powershell returns a null.
- Convert after and before diff keys to ordered hashes.
Unordered state descriptions make --diff report equal values as
changes.
OpenNebula 5.5.8 expects int in DISK_SIZE field when you create a vm, not a float.
For example, "42 GB" should be sent to OpenNebula API as "43088", not as "43088.0". MEMORY you cast to int explicitly, but DISK_SIZE not.
Portions of the f5-sdk were removed as well as the netaddr library
and were replaced with libraries that are part of ansible. Additionally,
deprecated code has been removed.
Cloudflare's DNS API deals with the case insensitivy of DNS names and
IPv6 addresses by forcing them into lower case. To properly be able to
detect changes the Ansible module needs to behave accordingly.
To what extent the API expects sent DNS names to be lower case varies
between record types. Yet, since sending lower case always works, and
since we always get lower case back, it feels cleanest to use lower
case for all DNS names.
* Use newer is_sequence function instead of MutableSequence. Fixes#44327
* Add changelog for #44331
* Update changelog fragment to describe the fix in more detail
Fixes#40650Fixes#40245Fixes#41541
* Refactor netconf_config module as per proposal #104
* Update netconf_config module metadata to core network supported
* Refactor local connection to use persistent connection framework
for backward compatibility
* Update netconf connection plugin configuration varaibles (Fixes#40245)
* Add support for optional lock feature to Fixes#41541
* Add integration test for netconf_config module
* Documentation update
* Move deprecated options in netconf_config module
* init remote_vv_file
* update documentation
* update documentation 2
* update description
* add correct style of ovirt info
* update documentation
* correct line width in docs
* use correct end line in docs
* Add WTI OOB and PDU Device status, control and configuration module
* reorganized module names, removed multiple modules
* Fixed sanity check failures
* Fixed sanity check failures
* Fixed sanity check failures
* Fixed sanity check failures
* moved module from network directory to remote_management.
added validate_certs parameter
added example returned data.
* pep8 issues
* cpm_status code removed from module section and placed in plugins/lookup.
Modified module code to lookup style code
* EXAMPLE spacing format error
* EXAMPLE formatting
* removed split_line parameter. Return is exclusively formatted JSON
* display edits
* delete display debug text
* Change the examples to use YAML rather than k=v shorthand
* re-enabled "required" flags for cpm_username and cpm_password
* moved redundant ansible.module_utils._text import of to_native to previous ansible.module_utils._text import line
* Got unusual error from GitHub checkin of Unstable, bump to see if it happends again.
* New boto3_facts module
boto3_facts aims to help users see whether their python and module
versions are as expected.
* Rename to `assert_python_requirements`
* Update integration tests
* Document options
* fix imports
* boilerplate
* fix docs
* reorder import
* Make distutils optional and fail gracefully when it is not available
* fix example doc
* fix docs on requirements_facts
* Don't use copy.deepcopy in high workload areas, use deepishcopy. ci_complete
* Add tests
* Add changelog fragment
* rename to naive_deepcopy and add extra docs
* Rename to module_response_deepcopy and move to vars/clean
One can install alternate packages managers on debuntu machines.
However, doing so doesn't mean you want to suddenly start using them.
Add in a check similar to the fedora yum/dnf check that sets apt as the
pkg_mgr if the ansible_os_family is Debian.
This commit introduces a new module called vultr_network_facts.
This module aims to return the list of networks avaiable in Vultr.
Sample available here:
```
"vultr_network_facts": [
{
"date_created": "2018-08-02 11:18:49",
"id": "net5b62e8991adfg",
"name": "mynet",
"region": "Amsterdam",
"v4_subnet": "192.168.42.0",
"v4_subnet_mask": 24
}
]
```
The documentation defines `cpu` as:
```
default cpu type
default value: kvm64
```
Therefore defining `cpu` with `8` in the `examples` section makes no
sense. So changing to `cores`.
Signed-off-by: Christian Rebischke <Chris.Rebischke@posteo.de>
When a datacenter has multiple clusters it is required to use the
cluster name to find the correct default resource pool to import
OVF images to.
Fixes issue 42644.
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
* add example using the "when" keyword
<!--- Your description here -->
add example using the "when" keyword comparing group_var variable to returned value from ios_facts
+label: docsite_pr
+label: issue #311
* Update ios_config.py
* Update ios_config.py
* Refactor yum and dnf, add feature parity
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove unnecessary module_utils, move the classes into the module code
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove yum -> yum4, out of scope
Signed-off-by: Adam Miller <admiller@redhat.com>
* use ABCMeta
Signed-off-by: Adam Miller <admiller@redhat.com>
* re-arrange run() caller vs callee
Signed-off-by: Adam Miller <admiller@redhat.com>
* make sanity checks happy
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix yum unit tests
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove unecessary debug statements, fix typo
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix licensing and attribution in yumdnf module_util
Signed-off-by: Adam Miller <admiller@redhat.com>
* include fix from PR 40737
original commit 5cbda9658a
original Author: Strahinja Kustudic <kustodian@gmail.com>
yum will fail on 'No space left on device', fixes#32791 (#40737)
During the installing of packages if yum runs out of free disk space,
some post install scripts could fail (like e.g. when the kernel
package generates initramfs), but yum would still exit with a status
0. This is bad, especially for the kernel package, because it makes
it unable to boot. Because the yum module is usually used for
automation, which means the users cannot read every message yum
prints, it's better that the yum module fails if it detects that
there is no free space on the disk.
Signed-off-by: Adam Miller <admiller@redhat.com>
* Revert "fix licensing and attribution in yumdnf module_util"
This reverts commit 59e11de5a2.
* move fetch_rpm_from_url out of yumdnf module_util
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix the move of fetch_rpm_from_url
Signed-off-by: Adam Miller <admiller@redhat.com>
Make git module support --separate-git-dir option. When git version is higher than 1.7.5, use built-in --separate-git-dir option during the clone. When lower, adjust the location of git dir manually after clone to achieve the same effect.
The inventory plugin api grew a self.cache that wasn't there when we
first wrote it. There's also a need to pull in the documentation
fragments so that we have the cache parameters.
Due to blank line returned from vCenter, wrong values were appended
to NTP server list. This fix adds filter for such blank values of NTP servers.
Fixes: #44183
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Grammar on the description for option 'list' was grammatically incorrect. Also suggest to add wording that clarifies that 'list' is indeed Access-Based Enumeration.
+label: docsite_pr
* Add note about adding new key requiring update
When a new repo and new key are added, attempts to install packages
signed by that key fail until `apt-get update` is run. This note
is an attempt to help users avoid getting errors when they miss
this step.
* related to issue #25091
* switch example to apt module
* Compress src interface into one key
* Modified regex to support varied interface types
* Fixed documentation
* Unpacking return values from splitting method
- support config operations for EXOS-based platforms
- add regex to detect command failure responses
- add exos action plugin for "backup" operation
- add unit tests for exos_command (currently 94% coverage of
exos_config.py)
* Add backup option
* Only backup shadow file when the OS has one
* Only backup shadow file for SunOS
* Update docs on backup feature
* Add changelog fragment
* Add tests for shadow backup
* Remove backup option, make it automatic
Remove the option to enable/disable backups and make it automatic. Add note to docs describing this behavior.
Change tests to account for new module behavior.
Change section name in changelog fragment since minor_features is not a valid section.
NOTE:
1. use os.open() with os.O_CREAT|os.O_EXCL to check existence
and create a lock file if not exists, it's an atomic operation
2. the fastest process will create the lock file and others will
wait until the lock file is removed
3. after the writer finished writing to the password file, all the reading
operations use built-in open so processes can read the file parallel
* strip additional comments from /etc/default/passwd
Strip trailling comments from /etc/default/passwd like
MINWEEKS=1 #MINWEEKS=2
MAXWEEKS=12 # MAXWEEKS=8
Which otherwise cause failures with "failed to read /etc/default/passwd: too many values to unpack"
* fix carriage return typo in commit
* yet another typo in commit
* Fix indent problem
* add changelog fragment for PR 43931
Ideally I would have liked to compare the TTL as part of the
prerequisite check. Sadly that isn't supported by the RFC 2136 update
protocol. Hence the additional query.
Resolves#39465
* Update cloudflare_dns account link
* Add SSHFP and TLSA records to cloudflare_dns module
These are record types which Cloudflare recently added support
for. They both go well together with DNSSEC.
Technically it's a bit of a simplification to use the hash_type
parameter for TLSA records. Yet, it fits with all the real world usage
I have seen, and it keeps the module from sprawling too much.
Related to #43803